Blog Post

Viva Engage Blog
2 MIN READ

Yammer API with AAD tokens Postman Collection

samsearth's avatar
samsearth
Icon for Microsoft rankMicrosoft
Oct 14, 2019

We’re excited to inform that all Yammer v1 APIs now support the usage of Azure Active Directory (AAD) tokens. This is a critical step in Yammer’s authentication journey across web, mobile and platform to fully use AAD tokens instead of the Yammer OAuth token.

 

In this blog, we’d like to share steps for creating an AAD app, and visualizing Yammer API responses via the Postman client with AAD tokens.

 

Download the Postman Collection here.

 

1. Register a new app in Azure Active Directory

Go to https://portal.azure.com and register a new application.

 

Registering an app in AAD

 

2. Get app registration details

Copy the Client ID and Secret, and set the Redirect URI to https://www.getpostman.com/oauth2/callback

App registration details

 

3. Endpoints

Copy the OAuth 2.0 endpoints from the Azure portal to input into Postman

OAuth 2.0 endpoints for Postman

 

4. Request Yammer API permissions

Choose Yammer from the list of API permissions

Request API permissions

 

6. Enable Delegated permissions

Choose Delegated permissions and user_impersonation. Application permissions are currently not supported and we’re planning on addressing that limitation.

Delegated permissions

 

7. Yammer permission is added

Yammer is added with a user_impersonation scope

Delegated permissions

 

8. Generate a new client secret

Generate a new client secret and choose to refresh the secret every year, every two years, or never

App secret

 

9. Get Postman ready

Import the Yammer API collection into Postman

Import API collection into Postman

 

10. Enter Azure Active Directory Token details

Get the details from the Application Overview page for your app and endpoints and input into Postman and request token. Here's the fields:

Callback URL: https://www.getpostman.com/oauth2/callback

Auth URL: https://login.microsoftonline.com/organizations/oauth2/v2.0/authorize

Access Token URL: https://login.microsoftonline.com/organizations/oauth2/v2.0/token

Client ID: Your Client ID

Secret: Secret that was generated in step 8

Scope: https://api.yammer.com/user_impersonation

Getting AAD Access token

 

11. Consent permissions

Consent permissions on behalf of your organization

Authorize permission

 

12. Generate AAD Token

Generate and use your new AAD token. Token lifetime is 60 minutes.

Get AAD access token

 

 

13. Set variables in Postman

So you don't have to repeat typing, set a variable with the Yammer API URI prefix. Set yamURI to https://www.yammer.com/api/v1/

Set API variable

 

14. Select update and you are ready

Postman is now ready to make requests to Yammer API endpoints using Azure Active Directory tokens.

 

As Yammer integrates further into Microsoft 365, we’re excited for additional platform opportunities through the Azure Active Directory - this is just the beginning. We’re interested in all your feedback so be sure to comment on this blog or join us on the first Wednesday of every month in the Monthly Yammer Platform and API Office Hours.

 

Updated Oct 14, 2019
Version 1.0
Postman Collection
Yammer
Yammer API
  • Sudarshan_Neupane's avatar
    Sudarshan_Neupane
    Copper Contributor
    Sep 21, 2022

    I followed the steps above, was able to get auth token for yammer, I could you that token to do yammer api calls in postman. However when I try to do same on the browser I always end up with CORS error. I have updated the url in the Azure App registration under platform configurations, but that did not solve the problem. Any ideas on what I am missing? or any directions?

    Thanks

    Sudarshan

  • Samraj_K's avatar
    Samraj_K
    Copper Contributor
    May 21, 2021

    Team,

    How can we renew the token automatically when access token is invalidated after 60min? I don't see any refresh token to do that.

  • bhanu chintha's avatar
    bhanu chintha
    Iron Contributor
    Sep 22, 2020

    Hello samsearth , 

     

    Thanks for the very detailed steps. I have understood and followed the below steps - But, I am getting the error - "Credentials are required to access this resource" when uploading the attachments to yammer using the given REST api.

     

    1) Created App & Configured Delegate permissions (Hope, Admin Consent is not required for the App)

    2) Configured the scope as "https://api.yammer.com/.default" and generated the Access Token

     

    We used this access token in a Flow to post attachment in a Yammer community. But, we got the error "Credentials are required to access this resource"

     

    Also, I tried changing the scope to "https://api.yammer.com/user_impersonation" as given in the article and tried to generate the access token, But, i got the error - "Error: AADSTS70011: The provided request must include a 'scope' input parameter. The provided value for the input parameter 'scope' is not valid. The scope https://api.yammer.com/user_impersonation is not valid."

     

    I think i might be making some mistake somewhere in the above steps - Can you please let me know if any configuration above has to be changed?

     

    Thanks & Regards,

    Bhanu

  • sanish's avatar
    sanish
    Copper Contributor
    May 12, 2020

    Is there a way to set the Javascript Origins when using AAD Tokens?

  • deepak2518's avatar
    deepak2518
    Copper Contributor
    Feb 14, 2020

    Hi samsearth

     

     We always get 401 authentication failure When we try to access Yammer API using AAD token.

     

    We followed the same process you have mentioned here.

     

    Please help

     

    Thanks

     

  • Daniel Laskewitz's avatar
    Daniel Laskewitz
    Iron Contributor
    Oct 18, 2019

    Really great stuff, thanks! It would be great to have lots of these calls in the Flow Connector as well. Shouldn't be really hard to transition this to the Flow Connector. :smile:

     

    CC Stephen Siciliano